Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3cudatext/cudatext.exe
windows7-x64
3cudatext/cudatext.exe
windows10-2004-x64
3cudatext/c...32.dll
windows7-x64
3cudatext/c...32.dll
windows10-2004-x64
3cudatext/c...64.dll
windows7-x64
7cudatext/c...64.dll
windows10-2004-x64
7cudatext/d...++.vbs
windows7-x64
1cudatext/d...++.vbs
windows10-2004-x64
1cudatext/d...te.vbs
windows7-x64
1cudatext/d...te.vbs
windows10-2004-x64
1cudatext/d...ipt.js
windows7-x64
3cudatext/d...ipt.js
windows10-2004-x64
3cudatext/d...t.html
windows7-x64
3cudatext/d...t.html
windows10-2004-x64
1cudatext/d...y.html
windows7-x64
3cudatext/d...y.html
windows10-2004-x64
3cudatext/d...n.html
windows7-x64
3cudatext/d...n.html
windows10-2004-x64
3cudatext/d...L.html
windows7-x64
3cudatext/d...L.html
windows10-2004-x64
3cudatext/d...sp.asp
windows7-x64
3cudatext/d...sp.asp
windows10-2004-x64
3cudatext/d...ult.js
windows7-x64
3cudatext/d...ult.js
windows10-2004-x64
3cudatext/d...ult.py
windows7-x64
3cudatext/d...ult.py
windows10-2004-x64
3cudatext/d...lt.vbs
windows7-x64
1cudatext/d...lt.vbs
windows10-2004-x64
1cudatext/d...ml.htm
windows7-x64
3cudatext/d...ml.htm
windows10-2004-x64
3cudatext/d...p.html
windows7-x64
3cudatext/d...p.html
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
01/09/2024, 07:41
Static task
static1
Behavioral task
behavioral1
Sample
cudatext/cudatext.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
cudatext/cudatext.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
cudatext/cudatext_shell32.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
cudatext/cudatext_shell32.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
cudatext/cudatext_shell64.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
cudatext/cudatext_shell64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
cudatext/data/autocomplete/C++.vbs
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
cudatext/data/autocomplete/C++.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
cudatext/data/lang/translation template.vbs
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
cudatext/data/lang/translation template.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
cudatext/data/lexlib/Bash script.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
cudatext/data/lexlib/Bash script.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
cudatext/data/newdoc/Frameset.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
cudatext/data/newdoc/Frameset.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
cudatext/data/newdoc/Glossary.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
cudatext/data/newdoc/Glossary.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
cudatext/data/newdoc/Redirection.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
cudatext/data/newdoc/Redirection.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
cudatext/data/newdoc/asp with HTML.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
cudatext/data/newdoc/asp with HTML.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
cudatext/data/newdoc/asp.asp
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
cudatext/data/newdoc/asp.asp
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
cudatext/data/newdoc/default.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral24
Sample
cudatext/data/newdoc/default.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
cudatext/data/newdoc/default.py
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
cudatext/data/newdoc/default.py
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
cudatext/data/newdoc/default.vbs
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
cudatext/data/newdoc/default.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
cudatext/data/newdoc/html.htm
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
cudatext/data/newdoc/html.htm
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
cudatext/data/newdoc/jsp.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
cudatext/data/newdoc/jsp.html
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
cudatext/cudatext_shell64.dll
-
Size
1.1MB
-
MD5
8990a3692839c66d4c3d4196beccfc19
-
SHA1
563a54d812946601e2633abe7488b31f960b6845
-
SHA256
a23607739b05a20bcf5c79f0fb79659ae992d081e5dc75b15c63663af9c57925
-
SHA512
dc727f6556cae91572ecdd50fc0470a78502ee84c7a442e28f04befed99619da93e60242379f93c68a153d40f294d333a71e0e3bfeb4375355eb70effa292757
-
SSDEEP
12288:Tk4ULJUxWeEsA5Ry/3X4XyIrHyGddSvj4tNfQWWB2RqQN:A4U1UxGsA5Ry/HRjGdovj4tZQWWT
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class 54 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cudatext\\cudatext_shell64.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\0\win64 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\ = "CudaTextContextMenuHandler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\HELPDIR regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\TypeLib\ = "{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ = "ICudaTextContextMenuHandler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cudatext\\cudatext_shell64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ = "ICudaTextContextMenuHandler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\ProgID\ = "CudaTextContextMenuHandler.CudaTextContextMenuHandler.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cudatext" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\ = "CudaTextContextMenuHandler object" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\FLAGS\ = "0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\VersionIndependentProgID\ = "CudaTextContextMenuHandler.CudaTextContextMenuHandler" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CLSID\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\ = "{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\ = "CudaTextContextMenuHandler object" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1\ = "CudaTextContextMenuHandler object" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1\CLSID\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\ = "{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CurVer\ = "CudaTextContextMenuHandler.CudaTextContextMenuHandler.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib regsvr32.exe